Bump dompurify from 3.1.2 to 3.1.3 in /frontend-react

[dependabot[bot]]

Bumps dompurify from 3.1.2 to 3.1.3.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.1.3

• Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
• Added better configurability for comment scrubbing default behavior
• Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
• Added better handling and readability of the nodeType property, thanks @​ssi02014
• Fixed some smaller issues in README and other documentation

Commits

• 3fe78d7 chore: Preparing 3.1.3 release
• b20ce99 fix: Added smaller-than-null check for __depth hardening code
• 1e52026 fix: Hardened the depth tracking code against prototype pollution
• 8df72f1 fix: Made the regex for comment scrubbing a bit stricter
• ae517d6 fix: Expanded the comment scrubbing regex matching a bit further
• b6818ce fix: Added better configurability for new comment behavior
• aafd7a8 docs: Changed inline comments slightly to be more accurate
• a377bf8 test: Fixed the tests
• d1d5d22 fix: Added experiemental comment scrubbing inside attributes
• dc61232 fix #949
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

frontend-react/package.json

Package	Version	License	Issue Type
dompurify	^3.1.3	Null	Unknown License

frontend-react/yarn.lock

Package	Version	License	Issue Type
dompurify	3.1.3	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
npm/dompurify	^3.1.3	:green_circle: 5.9	Details Check Score Reason Code-Review :warning: 2 Found 3/14 approved changesets -- score normalized to 2 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
npm/dompurify	^3.1.2	:green_circle: 5.9	Details Check Score Reason Code-Review :warning: 2 Found 3/14 approved changesets -- score normalized to 2 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
npm/dompurify	3.1.3	:green_circle: 5.9	Details Check Score Reason Code-Review :warning: 2 Found 3/14 approved changesets -- score normalized to 2 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
npm/dompurify	3.1.2	:green_circle: 5.9	Details Check Score Reason Code-Review :warning: 2 Found 3/14 approved changesets -- score normalized to 2 Maintained :green_circle: 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 9 license file detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Security-Policy :green_circle: 10 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Branch-Protection :warning: 0 branch protection not enabled on development/release branches SAST :green_circle: 10 SAST tool is run on all commits Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected

Scanned Manifest Files

frontend-react/package.json

• dompurify@^3.1.3
• dompurify@^3.1.2

frontend-react/yarn.lock

• dompurify@3.1.3
• dompurify@3.1.2

[snesm]

@dependabot rebase

[dependabot[bot]]

Superseded by #14488.